import re
import sqlite3
import pymysql


def Linux_IDS(conn, file_name, file_size):
    f = open("Linux_log/" + file_name, "wb")
    conn.send("准备好接收".encode("utf-8"))  # 确认接收

    received_size = 0

    while received_size < file_size:
        if file_size - received_size > 1024:
            size = 1024
        else:
            size = file_size - received_size  # 最后一次接收

        data = conn.recv(size)  # 多次接收
        data_len = len(data)
        received_size += data_len
        f.write(data)
    f.close()
    conn.send("4".encode("utf-8"))  # 确认接收4
    with open('Linux_log/' + file_name, 'r') as file:
        Linux_data = file.readlines()

    black_list = "Failed password for root from"
    list_IP = []
    list_time = []
    for data in Linux_data:
        time_month = data.split(" ")[0]
        time_day = data.split(" ")[2]
        time_time = data.split(" ")[3]
        time = time_month + "/" + time_day + "/" + time_time
        if black_list in data:
            attack_IP = data.split(" ")[11]
            list_IP.append(attack_IP)
            list_time.append(time)

        # sqlite_conn = sqlite3.connect("user_information.db")
        # cur = sqlite_conn.cursor()
        # cur.execute('''CREATE TABLE IF NOT EXISTS log_Linux_information(
        #                                                            Linux_time TEXT,
        #                                                            Linux_data TEXT);''')
        # sqlite_conn.commit()
        # cur.execute(f"INSERT INTO log_Linux_information(Linux_time,Linux_data) values('{time}','{data}')")
        # sqlite_conn.commit()
        # sqlite_conn.close()

        db = pymysql.connect(
            host='localhost',
            user='root',
            password='123456',
            database='maoxuechunqimozuoye'
        )
        py_cursor = db.cursor()
        py_cursor.execute('''CREATE TABLE IF NOT EXISTS log_Linux_information(
                                                                           Linux_time VARCHAR(256),
                                                                           Linux_data VARCHAR(256))DEFAULT CHARSET=utf8;''')
        db.commit()
        py_cursor.execute(f"INSERT INTO log_Linux_information(Linux_time,Linux_data) values('{time}','{data}')")
        db.commit()
        db.close()

    a = {}
    for i in list_IP:
        a[i] = list_IP.count(i)
    difAll = set(list_IP)
    for k in difAll:
        db_IP = k  # IP
        if a[k] > 5:
            db_num = a[k]  # 次数
            flag = 0
            for i in range(len(list_IP)):
                if list_IP[i] == k and flag == 0:
                    db_time = list_time[i]  # 时间
                    flag = 1

                    # sqlite_conn = sqlite3.connect("user_information.db")
                    # cur = sqlite_conn.cursor()
                    # cur.execute('''CREATE TABLE IF NOT EXISTS warning_Linux_information(
                    #                                                                    Attack_type TEXT,
                    #                                                                    Linux_time TEXT,
                    #                                                                    Attack_IP TEXT,
                    #                                                                    Linux_data TEXT);''')
                    # sqlite_conn.commit()
                    # cur.execute(f"INSERT INTO warning_Linux_information(Attack_type,Linux_time,Attack_IP,Linux_data) values('{'检测到SSH暴力破解'}','{db_time}','{db_IP}','{'攻击次数:'+str(db_num)}')")
                    # sqlite_conn.commit()
                    # sqlite_conn.close()

                    db = pymysql.connect(
                        host='localhost',
                        user='root',
                        password='123456',
                        database='maoxuechunqimozuoye'
                    )
                    py_cursor = db.cursor()
                    py_cursor.execute('''CREATE TABLE IF NOT EXISTS warning_Linux_information(
                                                                                                           Attack_type VARCHAR(256),
                                                                                                           Linux_time VARCHAR(256),
                                                                                                           Attack_IP VARCHAR(256),
                                                                                                           Linux_data VARCHAR(256))DEFAULT CHARSET=utf8;''')
                    db.commit()
                    db_num=str(db_num)
                    py_cursor.execute(
                        f"INSERT INTO warning_Linux_information(Attack_type,Linux_time,Attack_IP,Linux_data) values('检测到SSH暴力破解','{db_time}','{db_IP}','{'攻击次数:' + db_num}')")
                    db.commit()
                    db.close()
